The below tests for FCS_TLSC_EXT.1.1 and FCS_TLSS_EXT.1.1 can only be performed for ciphersuites that utilize Diffie Hellman. These tests should be conditional and only required when a ciphersuite that utilizes Diffie Hellman is claimed by a Security Target.

“Modify the signature block in the Server’s KeyExchange handshake message, and verify that the client rejects the connection after receiving the Server KeyExchange.”

“Modify the signature block in the Client’s Key Exchange handshake message, and verify that the server rejects the client's Certificate Verify handshake message (if using mutual authentication) or that the server denies the client's Finished handshake message.”

Resolution

The below PPs are updated as follows:

PP_APP_v1.2

Test 5.4 for FCS_TLSC_EXT.1.1 is updated as follows:

" Test 5.4 (conditional): If an ECDHE or DHE ciphersuite is selected, modify the signature block in the Server’s Key Exchange handshake message, and verify that the client rejects the connection after receiving the Server Key Exchange message.”

Test 4.3 for FCS_TLSS_EXT.1.1 is updated as follows:

“Test 4.3 (conditional): If an ECDHE or DHE ciphersuite is selected, modify the signature block in the Client’s Key Exchange handshake message, and verify that the server rejects the client's Certificate Verify handshake message (if using mutual authentication) or that the server denies the client's Finished handshake message.”

PP_OS_V4.1:

Test 5.4 for FCS_TLSC_EXT.1.1 is updated as follows:

" Test 5.4 (conditional): If an ECDHE or DHE ciphersuite is selected, modify the signature block in the Server’s Key Exchange handshake message, and verify that the client rejects the connection after receiving the Server Key Exchange message."

PP_MDM_V3.0

Test 5, bullet 4 for FCS_TLSC_EXT.1.1 is updated as follows:

“(conditional): If an ECDHE or DHE ciphersuite is selected, modify the signature block in the Server’s Key Exchange handshake message, and verify that the client rejects the connection after receiving the Server Key Exchange message."

Test 4 bullet 2 for FCS_TLSS_EXT.1.1 is updated as follows:

“(conditional): If an ECDHE or DHE ciphersuite is selected, modify the signature block in the client’s Certificate Verify handshake message, and verify that the server rejects the client’s Certificate Verify handshake message and verify that the server denies the client’s Finished handshake message.”

PP_CA_v2.0

Test 5d for FCS_TLSC_EXT.1.1 is updated as follows:

“(conditional): If an ECDHE or DHE ciphersuite is selected, modify the signature block in the Server’s Key Exchange handshake message, and verify that the client rejects the connection after receiving the Server Key Exchange message."

Test 4b for FCS_TLSS_EXT.1.1 is updated as follows:

“(conditional): If an ECDHE or DHE ciphersuite is selected, modify the signature block in the Client’s Key Exchange handshake message, and verify that the server rejects the client’s Certificate Verify handshake message (if using mutual authentication) or that the server denies the client’s Finished handshake message.”

PP_VOIP_V1.3Test 5, bullet 3 for FCS_TLS_EXT.1 is updated as follows:

“(conditional): If an ECDHE or DHE ciphersuite is selected, modify the signature block in the Server’s KeyExchange handshake message, and verify that the client rejects the connection after receiving the Server KeyExchange.”